Axxes is ransomware (a rebranded version of Midas ransomware) that encrypts files and appends the ".axxes" extension to their filenames. We have discovered this malware while examining samples submitted to VirusTotal page. Axxes creates the "RESTORE_FILES_INFO.hta" file, which contains a ransom no
BestSearchIncognito is a rogue browser extension. After analyzing this piece of software, we determined that it operates as a browser hijacker. BestSearchIncognito modifies browser settings to promote the bestsearchincognito.com fake search engine. After being successfully installed onto o
FreeSearchStreams is a browser hijacker designed to promote freesearchstreams.com, a fake search engine. It promotes this address by hijacking a web browser (by changing its settings). We have discovered FreeSearchStreams while inspecting various shady websites. We found that FreeSearchStr
Video Skipping Ads is promoted as the best extension for blocking ads on YouTube. We have discovered this app on a deceptive page asking us to "add extension" to complete the process. After adding and inspecting the Video Skipping Ads app, we found that it generates advertisements - it operates as
While inspecting dubious websites, we discovered the saveprivatedata[.]com rogue page. It is designed to promote scams, push spam browser notifications, and redirect visitors to different (likely untrustworthy/malicious) sites. Users typically enter such webpages via redirects caused by sites usin
PerfectConverters is the name of a rogue browser extension. After analyzing this piece of software, we determined that it operates as a browser hijacker promoting the perfectconverters.com fake search engine. Following successful installation onto our test machine, PerfectConverters reassi
While inspecting untrustworthy sites, our research team discovered the swooflia[.]xyz rogue page. It operates by endorsing deceptive content, promoting browser notification spam, and redirecting visitors to other (likely unreliable/malicious) websites. Webpages of this kind are typically accessed
We have inspected this email and concluded that it is a fake email from Avira (a legitimate computer software company). Scammers behind it attempt to trick recipients into believing that their computers are infected. Their goal is to trick them into opening a deceptive website and following the pr
PARKER is the name of a ransomware variant that our malware researchers have found while analyzing malware samples submitted to VirusTotal. We learned that PARKER encrypts files and appends ".PARKER" extension to filenames. Also, it creates the "RESTORE_FILES_INFO.txt" file, which contains a ranso
Healthiness is a piece of rogue software that our research team discovered while inspecting dubious download webpages. After analyzing this app, we determined that it operates as advertising-supported software (adware) and that is nearly identical to Bloom adware. Advertising-supported sof